MODULE 1: FORENSICS AND DIGITAL FORENSICS

• What is Forensic Science
• The role of the Forensic Science in the Legal System
• Why is important to understand the forensic evidence
• Identifying Forensic Traces

MODULE 2: DIGITAL FORENSIC PRINCIPLES

• Introduction and Discussion

MODULE 3: HARDWARE PRINCIPLES

• Desktops, laptops, and other devices with operating systems
• Boot Process
• Forensic Boot

MODULE 4: STORAGE MEDIA PRINCIPLES

• Different types of Digital Storage Devices and Media
• Introduction to data organisation (file systems and data structures)
• Remote / Network / Cloud Storage

MODULE 5: OPERATING SYSTEMS

• What is an Operating System
• Different types of Operating Systems
• Common OS forensic artefacts
• Application Software

MODULE 6: DATA PRESERVATION PRINCIPLES

• Different types of Hardware Write Blocking and Imaging Devices
• Software Write Blocking Applications
• The importance of testing and verification of DF tools

MODULE 7: MANAGING DIGITAL EVIDENCE AT THE CRIME SCENE

• What is Digital Forensic Crime Scene
• Prepare before attending the Crime Scene
• DF team member and the warrant holder
• Interviewing suspects in relation to digital evidence
• How to control the Digital Forensic Crime Scene
• The importance of the forensic approach when processing Digital Evidence
• Protect and manage digital evidence at the crime scene
• Document digital evidence at the crime scene
• Processing a crime scene involving digital evidence and perform preliminary survey
• Introduction to Digital Forensic Triage
• Develop a plan for successful triage of digital evidence

MODULE 8: THE ACQUISITION PROCESS

• Digital evidence collection
• How to prepare/sterile Target Media
• What is Forensic image and what is a Clone
• Different types of Forensic Image Formats
• Perform basic imaging
• Data collection
• Practical Exercises
• Prepare target media
• Test and verify DF tools
• Imaging
• Cloning
• Data Containers
• Targeted Collections
• Authentication

MODULE 9: DIGITAL FORENSIC TRIAGE

• The theory of DFT
• Using different tools to perform DF Triage
• Triaging of storage devices
• Prioritising devices for Live examination and collection (Volatility Risk Assessment)
• Triaging of computer systems and smart devices
• Windows
• Apple
• Android
• How to Identify “Hot Zones” for effective DFT on powered on systems
• Live DFT Workflow
• DFT and RAM
• Identify Encrypted structures (Volumes, Folders…)
• Bit Locker
• Specialities of APPLE devices

MODULE 10: OHS AND OFFICER SAFETY

• How to identify and manage individual and environmental threats to an officer’s safety
• How to deploy proper procedures and tactics to ensure personal safety as well as the safety of others at the electronic crime scene

MODULE 11: DIGITAL EVIDENCE IN COURT

• Introduction

MOD 12: Mobile Device Technology Overview: Cellebrite UFED Field Operator (CUFO)

• Mobile Device Technology Overview
• Data Locations
• Forensic Handling of Mobile Devices
• UFED Kiosk Tour
• SIM Extraction with UFED Kiosk
• Mobile Device Extraction with UFED Kiosk
• SD Card Extractions with UFED Kiosk
• Viewing Data using the UFED Kiosk